Interesting argument, having written an Android app that was the first of its kind, I disagree with your argument that hobbyist development takes away jobs. If anything, it can create jobs, exactly because of the "copycat" phenomenon. I wrote an app that was the first of its kind available in the Android Market. There was at least one similar for iOS before I wrote mine. About a month after my first release, I discovered that another company had hired a developer (possibly more than one) to basically copy my app. In the end, because I was unable to dedicate my full attention to the project, and wanted to do other things, their app became far more popular than mine. The point is, someone who relies on app development for a living can easily compete with, and outperform, a hobbyist who only sees it as a fun side project that is nice to make some extra cash from.

I read an article a while back about the cars. It turns out, when they programmed them to follow the rules of the road exactly, they couldn't get anywhere because other drivers continuously broke the rules. So they had to reprogram the cars to allow for bending the rules in certain situations.
The example that stuck in my mind was at a 4-way stop sign, the car has to inch forward to indicate its intent to pass through the intersection. Otherwise, the other drivers just ignore the car and keep going in turn, despite the rules of the road stating that's illegal.

Alternatively, the core Android APIs should provide a null data set when the app hasn't been granted permissions to a particular resource, and normal rules of error checking your data apply.
I've written a few Android apps and can easily see how the Android permission system is broken. For example, when verifying an app purchase with the Google Market API, Google suggests using some unique identifier to encrypt the data store:

[...] the Policy must always obfuscate the data before storing it, using a key that is unique for the application and device. Obfuscating using a key that is both application-specific and device-specific is critical, because it prevents the obfuscated data from being shared among applications and devices.

However, in order to get a truly device-specific identifier requires extra permissions:

Note that, depending on the APIs you use, your application might need to request additional permissions in order to acquire device-specific information. For example, to query the TelephonyManager to obtain the device IMEI or related data, the application will also need to request the android.permission.READ_PHONE_STATE permission in its manifest.
Before requesting new permissions for the sole purpose of acquiring device-specific information for use in your Obfuscator, consider how doing so might affect your application or its filtering on Android Market (since some permissions can cause the SDK build tools to add the associated ).

So it's easy to see how permissions can be declared for something innocuous but used for something nefarious.

it's interesting to see the large flow of interconnected retweets in just one hour

I think the visualization of a slashdotting is more interesting.

It looks like this:
Network Error (tcp_error)
A communication error occurred: ""
The Web Server may be down, too busy, or experiencing other problems preventing it from responding to requests. You may wish to try again at a later time.
For assistance, contact your network support team.

Interesting, my gmail is down to under 500 spam messages from the last 30 days. That's the lowest I ever remember seeing it and actually was quite a shock when I noticed it a few days ago. My usual has been somewhere around 1000